[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

--allow-root and init via SSH

From: Stephan Feder
Subject: --allow-root and init via SSH
Date: Tue, 11 Dec 2001 10:59:07 +0100


I want to set up CVS in a way so that some dedicated cvs users cannot do
anything hostile. For that reason they have to login via SSH and their
login shell is a simple program that checks that they want to execute
"cvs server" and then executes "cvs server" itself. But now a simple
"cvs -d :ext:<user>@host:/tmp/<any name> init" allows those users to
"pollute" the /tmp directory (or any other directory they are allowed to
write to, even within an existing repository they have access to).

Should not creating new repositories be disallowed via remote access?

Another question I asked some time ago on this list: 

Is --allow-root evaluated for "cvs server" in the current development
version, or is it at least on the todo list? 


reply via email to

[Prev in Thread] Current Thread [Next in Thread]